Donate to e Foundation | Murena handsets with /e/OS | Own a part of Murena! Learn more

Commit 7dfee2e7 authored by Michael Groover's avatar Michael Groover
Browse files

Guard ICC ID card string behind new identifier access requirements 

In Android 10 access to device identifiers was limited to apps with
the READ_PRIVILEGED_PHONE_STATE permission, carrier privileges, the
READ_DEVICE_IDENTIFIERS appop set to allow, or those that pass a
device / profile owner check. TelephonyManager#getSimSerialNumber
was guarded behind these new access requirements, but the same value
is still accessible via SubscriptionInfo#getCardString. While this
API is hidden toString or a parcelable can be used to obtain it. This
change clears out the card string in any returned SubscriptionInfo
objects if the caller does not meet the new identifier access
requirements.

Bug: 152057778
Bug: 173421434
Test: atest SubscriptionControllerTest
Change-Id: I4406f1a2859f8ab691bb9f07da6940fb85e5cbb4
Merged-In: I4406f1a2859f8ab691bb9f07da6940fb85e5cbb4
parent 9c392805

src/java/com/android/internal/telephony/SubscriptionController.java

+1 −0
Original line number Diff line number Diff line
@@ -3600,6 +3600,7 @@ public class SubscriptionController extends ISub.Stub { 
        if (!hasSubscriberIdentifierAccess(subInfo.getSubscriptionId(), callingPackage, message)) {

            result = new SubscriptionInfo(subInfo);

            result.clearIccId();

            result.clearCardString();

        }

        return result;

    }

tests/telephonytests/src/com/android/internal/telephony/SubscriptionControllerTest.java

+12 −4
Original line number Diff line number Diff line
@@ -959,7 +959,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetActiveSubscriptionInfoWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // getActiveSubscriptionInfo should still return a result but the ICC ID should not be

        // available.

        // available via getIccId or getCardString.

        testInsertSim();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -970,6 +970,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                subId, mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getIccId());

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getCardString());

    }



    @Test
@@ -983,6 +984,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                subId, mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertTrue(subscriptionInfo.getIccId().length() > 0);

        assertTrue(subscriptionInfo.getCardString().length() > 0);

    }



    @Test
@@ -1006,7 +1008,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetActiveSubscriptionInfoForSimSlotIndexWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // getActiveSubscriptionInfoForSimlSlotIndex should still return the SubscriptionInfo but

        // the ICC ID should not be available.

        // the ICC ID should not be available via getIccId or getCardString.

        testInsertSim();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -1017,6 +1019,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                        mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getIccId());

        assertEquals(UNAVAILABLE_ICCID, subscriptionInfo.getCardString());

    }



    @Test
@@ -1031,6 +1034,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
                        mCallingPackage, mCallingFeature);

        assertNotNull(subscriptionInfo);

        assertTrue(subscriptionInfo.getIccId().length() > 0);

        assertTrue(subscriptionInfo.getCardString().length() > 0);

    }



    @Test
@@ -1051,7 +1055,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetActiveSubscriptionInfoListWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // getActiveSubscriptionInfoList should still return the list of SubscriptionInfo objects

        // but the ICC ID should not be available.

        // but the ICC ID should not be available via getIccId or getCardString.

        testInsertSim();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -1063,6 +1067,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

            assertEquals(UNAVAILABLE_ICCID, info.getIccId());

            assertEquals(UNAVAILABLE_ICCID, info.getCardString());

        }

    }
@@ -1078,6 +1083,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

            assertTrue(info.getIccId().length() > 0);

            assertTrue(info.getCardString().length() > 0);

        }

    }
@@ -1101,7 +1107,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
    public void testGetSubscriptionsInGroupWithReadPhoneState() throws Exception {

        // If the calling package only has the READ_PHONE_STATE permission then

        // getSubscriptionsInGroup should still return the list of SubscriptionInfo objects

        // but the ICC ID should not be available.

        // but the ICC ID should not be available via getIccId or getCardString.

        ParcelUuid groupUuid = setupGetSubscriptionsInGroupTest();

        mContextFixture.removeCallingOrSelfPermission(ContextFixture.PERMISSION_ENABLE_ALL);

        mContextFixture.addCallingOrSelfPermission(Manifest.permission.READ_PHONE_STATE);
@@ -1112,6 +1118,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

            assertEquals(UNAVAILABLE_ICCID, info.getIccId());

            assertEquals(UNAVAILABLE_ICCID, info.getCardString());

        }

    }
@@ -1126,6 +1133,7 @@ public class SubscriptionControllerTest extends TelephonyTest { 
        assertTrue(subInfoList.size() > 0);

        for (SubscriptionInfo info : subInfoList) {

            assertTrue(info.getIccId().length() > 0);

            assertTrue(info.getCardString().length() > 0);

        }

    }